package com.liqi.framework.sso;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;

/**
 * 短信登陆鉴权 Provider，要求实现 AuthenticationProvider 接口
 *
 */
public class TokenSsoAuthenticationProvider implements AuthenticationProvider {
	private UserDetailsService userDetailsService;

	@Override
	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
		TokenSsoAuthenticationToken authenticationToken = (TokenSsoAuthenticationToken) authentication;

		String token = (String) authenticationToken.getPrincipal();

		UserDetails userDetails = userDetailsService.loadUserByUsername(token);

		// 此时鉴权成功后，应当重新 new 一个拥有鉴权的 authenticationResult 返回
		TokenSsoAuthenticationToken authenticationResult = new TokenSsoAuthenticationToken(userDetails,
				userDetails.getAuthorities());

		authenticationResult.setDetails(authenticationToken.getDetails());

		return authenticationResult;
	}

	@Override
	public boolean supports(Class<?> authentication) {
		// 判断 authentication 是不是 TokenSsoAuthenticationToken 的子类或子接口
		return TokenSsoAuthenticationToken.class.isAssignableFrom(authentication);
	}

	public UserDetailsService getUserDetailsService() {
		return userDetailsService;
	}

	public void setUserDetailsService(UserDetailsService userDetailsService) {
		this.userDetailsService = userDetailsService;
	}
}
